DW Weekly #207 – China disagrees with Trump over $54B TikTok deal due to tariffs rise


6 – 14 April 2025



Dear readers,

Last week, the TikTok saga continued to unfold: the Chinese government did not agree to sell the ByteDance subsidiary to a US-majority TikTok entity, so US President Donald Trump extended the deadline to find a non-Chinese buyer by another 75 days, pushing the cutoff to mid-June after a near-miss on 5 April.

Amid the tariff rise turmoil, President Donald Trump’s administration has granted exemptions from steep tariffs on smartphones, laptops, and other electronics, relieving tech giants like Apple and Dell. 

The cryptocurrency landscape was shaken by a blockchain analytics firm's allegation that the team behind the Melania Meme (MELANIA) cryptocurrency moved $30 million worth of tokens, allegedly taken from community reserves without explanation.

In the ever-evolving world of AI, two leading AI systems, OpenAI’s GPT-4.5 and Meta’s Llama-3.1, have passed a key milestone by outperforming humans in a modern version of the Turing Test. 

On the cybersecurity stage, Oracle Health has reportedly suffered a data breach that compromised sensitive patient information stored by US hospitals.

The European Union has firmly ruled out dismantling its strict digital regulations in a bid to secure a trade deal with Donald Trump. Henna Virkkunen, the EU’s top official for digital policy, said the bloc remained fully committed to its digital rulebook instead of relaxing its standards to satisfy US demands.

Meta’s existence is threatened by a colossal antitrust trial which commenced in Washington, with the US Federal Trade Commission (FTC) arguing that the company’s acquisitions of Instagram in 2012 and WhatsApp in 2014 were designed to crush competition with monopoly aims instead of fostering innovation.

Elon Musk’s legal saga with OpenAI intensifies, as OpenAI has filed a countersuit accusing the billionaire entrepreneur of a sustained campaign of harassment intended to damage the company and regain control over its AI developments.

For the main updates and reflections, consult the Radar and Reading Corner below.

DW Team


RADAR

Highlights from the week of 6 – 14 April 2025


Wynn-Williams says Meta executives prioritised business growth in China over national security.


The Nasdaq jumped over 12%, its best day in decades, following a temporary halt on trade tariffs by the Trump administration.


Data stored today could be vulnerable to decryption in the near future.


Instagram users under 16 won’t be able to livestream or view blurred nudity in messages unless approved by a parent, Meta announced.


OpenAI is developing agents that can act autonomously on behalf of users, with safeguards.


Energy connection delays face AI-powered fix through Google’s new initiative.


The 71% discount on Google Workspace is part of a cost-cutting initiative under President Trump’s government reform, targeting federal spending efficiency.


A discussion paper on crypto regulation in Japan highlights issues like market access, insider trading, and classification of assets into funding and non-funding categories.


As AI demand shifts, Microsoft has slowed down major data centre projects, including the one in Ohio, and plans to invest $80 billion in AI infrastructure this year.


READING CORNER

With over 10,000 AI applications available, selecting the right AI tool can be daunting. Diplo advocates starting with a ‘good enough’ tool to avoid paralysis by analysis, tailoring it to specific needs through practical use.


International Geneva faces significant challenges, including financial constraints, waning multilateralism, and escalating geopolitical tensions. To remain relevant, it must embrace transformative changes, particularly through Artificial Intelligence (AI).


Founded by Bill Gates and Paul Allen in 1975, Microsoft grew from a small startup into the world’s largest software company. Through strategic acquisitions, the company expanded into diverse sectors,…


Do ideas have origins? From medieval communes to WWI, Aldo Matteucci shows how political thought, like a river, is shaped by experience, institutions, and historical context — not just theory.

UPCOMING EVENTS

GITEX Africa 2025: Jovan Kurbalija will participate in GITEX Africa (14-16 April 2025 in Marrakech, Morocco).


Tech attache briefing: WSIS+20 and AI governance negotiations – Updates and next steps. The event is part of a series of regular briefings the Geneva Internet Platform (GIP) is delivering for diplomats at permanent missions and delegations in Geneva following digital policy issues. It is an invitation-only event.
23 April 2025
The event will provide a timely discussion on methods, approaches, and solutions for AI transformation of International Organisations.

WIPO’s 11th Conversation on IP and AI will take place on April 23-24, 2025, focusing on the role of copyright infrastructure in supporting both rights holders and AI-driven innovation. As…

Malware hidden in fake Office add-ins targets crypto users

Hackers are using bogus Microsoft Office extensions uploaded to SourceForge to spread malware. Cybersecurity firm Kaspersky has warned that the malware is designed to steal cryptocurrency.

One listing, posing as ‘officepackage,’ contains genuine Office add-ins. However, it also hides ClipBanker — a virus that swaps copied crypto wallet addresses with those belonging to attackers.

The malware tricks users by mimicking legitimate Office add-in pages, complete with download buttons and developer-style layouts. Once installed, ClipBanker monitors the clipboard and replaces wallet addresses without users’ knowledge.

It also gathers IP addresses, usernames, and system data, which it sends to the attackers via Telegram. In some cases, the virus checks for antivirus software or previous infections and self-deletes if detected.

Kaspersky noted that the malicious files are suspiciously small or padded with junk data to appear legitimate. While the primary goal is to steal cryptocurrency, attackers may sell access to infected systems to other malicious actors.

The malware’s interface is in Russian, and most victims so far — over 4,600 — have been located in Russia.

To stay safe, Kaspersky advises downloading software only from trusted sources. The company noted a growing trend of hackers hiding malware in pirated or unofficial software to exploit users chasing free apps.

For more information on these topics, visit diplomacy.edu.

Apple challenges UK government over encrypted iCloud access order

A British court has confirmed that Apple is engaged in legal proceedings against the UK government concerning a statutory notice linked to iCloud account encryption. The Investigatory Powers Tribunal (IPT), which handles cases involving national security and surveillance, disclosed limited information about the case, lifting previous restrictions on its existence.

The dispute centres on a government-issued Technical Capability Notice (TCN), which, according to reports, required Apple to provide access to encrypted iCloud data for users in the UK. Apple subsequently removed the option for end-to-end encryption on iCloud accounts in the region earlier this year. While the company has not officially confirmed the connection, it has consistently stated it does not create backdoors or master keys for its products.

The government’s position has been to neither confirm nor deny the existence of individual notices. However, in a rare public statement, a government spokesperson clarified that TCNs do not grant direct access to data and must be used in conjunction with appropriate warrants and authorisations. The spokesperson also stated that the notices are designed to support existing investigatory powers, not expand them.

The IPT allowed the basic facts of the case to be released following submissions from media outlets, civil society organisations, and members of the United States Congress. These parties argued that public interest considerations justified disclosure of the case’s existence. The tribunal concluded that confirming the identities of the parties and the general subject matter would not compromise national security or the public interest.

Previous public statements by US officials, including the former President and the current Director of National Intelligence, have acknowledged concerns surrounding the TCN process and its implications for international technology companies. In particular, questions have been raised regarding transparency and oversight of such powers.

Legal academics and members of the intelligence community have also commented on the broader implications of government access to encrypted platforms, with some suggesting that increased openness may be necessary to maintain public trust.

The case remains ongoing. Future proceedings will be determined once both parties have reviewed a private judgment issued by the court. The IPT is expected to issue a procedural timetable following input from both Apple and the UK Home Secretary.


Hackers exploit ESET vulnerability to deploy malware, Kaspersky warns

A recently disclosed software vulnerability in ESET security products has been identified as a potential vector for discreet malware installation, according to findings published by the cybersecurity company Kaspersky.

Catalogued as CVE-2024-11859, the flaw permits the execution of a malicious dynamic-link library (DLL) by leveraging ESET’s own antivirus scanning process. If exploited, the technique allows unauthorised code to run silently, bypassing standard system warnings and activity logs.

ESET, headquartered in Slovakia, acknowledged the issue in an advisory and issued a software update addressing the flaw. The company assigned it a medium severity rating, with a Common Vulnerability Scoring System (CVSS) score of 6.8 out of 10. ESET further indicated there is no current evidence that the vulnerability has been actively exploited in operational environments.

Kaspersky attributed the technique to a threat actor group known as ToddyCat, which has been observed since 2020 conducting operations against governmental and defence-related targets. While Kaspersky referenced the use of two specific DLLs in its analysis, ESET reported that it had not received samples of the files and could not independently confirm the attribution.

The malicious tool deployed in this case, named TCDSB by researchers, was disguised as a legitimate Windows DLL and designed to evade monitoring tools. The code appears to be a modified variant of EDRSandBlast, a known framework used to circumvent endpoint detection systems.

Modifications introduced in TCDSB are believed to enable interference with operating system components, suppressing alerts typically generated when new processes are initiated or external files loaded. Kaspersky reported multiple instances of the tool but did not identify affected organisations.

While no specific nation-state connection has been confirmed, ToddyCat has previously been associated with activities targeting institutions in Europe and Asia, as well as digital infrastructure in locations such as Taiwan and Vietnam. Some prior research has linked the group to broader cyber-espionage efforts attributed to Chinese interests.

According to ESET, successful use of the CVE-2024-11859 vulnerability requires existing administrative access to the target system, limiting the attack vector to post-compromise scenarios.

Kaspersky noted that the group employs a range of tunnelling techniques for data exfiltration, including abuse of virtual private networks and cloud services, often maintaining multiple exfiltration routes to ensure persistence even when individual channels are disrupted.


Osney Capital invests in the UK’s cybersecurity innovation

Osney Capital has launched the UK’s first specialist cybersecurity seed fund, focused on investing in promising cybersecurity startups at the Pre-Seed and Seed stages.

The fund, which raised more than its initial £50 million target, will write cheques between £250k and £2.5 million and has the capacity for follow-on investments in Series A rounds.

Led by Adam Cragg, Josh Walter, and Paul Wilkes, the Osney Capital team brings decades of experience in cybersecurity and early-stage investing. Instead of relying on generalist investors, the fund will offer tailored support to early-stage companies, addressing the unique challenges in the cybersecurity sector.

The UK cybersecurity industry has grown to £13.2 billion in 2025, driven by complex cyber threats, regulatory pressures, and the rapid adoption of AI. The fund aims to capitalise on this growth, tapping into the strong talent pipeline boosted by UK universities and specialised cybersecurity programs.

Supported by cornerstone investments from the British Business Bank and accredited by the UK’s National Security Strategic Investment Fund, Osney Capital’s mission is to back the next generation of cybersecurity founders and help them scale globally competitive businesses.


Thailand strengthens cybersecurity with Google Cloud

Thailand’s National Cyber Security Agency (NCSA) has joined forces with Google Cloud to strengthen the country’s cyber resilience, using AI-based tools and shared threat intelligence instead of relying solely on traditional defences.

The collaboration aims to better protect public agencies and citizens against increasingly sophisticated cyber threats.

A key part of the initiative involves deploying Google Cloud Cybershield for centralised monitoring of security events across government bodies. Instead of having fragmented monitoring systems, this unified approach will help streamline incident detection and response.

The partnership also brings advanced training for cybersecurity personnel in the public sector, alongside regular threat intelligence sharing.

Google Cloud Web Risk will be integrated into government operations to automatically block websites hosting malware and phishing content, instead of relying on manual checks.

Google further noted the impact of its anti-scam technology in Google Play Protect, which has prevented over 6.6 million high-risk app installation attempts in Thailand since its 2024 launch—enhancing mobile safety for millions of users.


European Commission targets end-to-end encryption and proposes expanding Europol’s powers into an EU-level FBI equivalent

The European Commission announced ProtectEU, a new internal security strategy that sets out the broad priorities it intends to pursue in the coming years in response to evolving security challenges. While the document outlines strategic objectives, it does not include specific legislative proposals.

The Commission highlighted the need to revisit the European Union’s approach to internal security, citing what it described as ‘a changed security environment and an evolving geopolitical landscape.’ Among the identified challenges are hybrid threats from state and non-state actors, organised crime, and increasing levels of online criminal activity.

One of the key elements of the strategy is the proposed strengthening of Europol’s operational role. The Commission suggests developing Europol into a truly operational police agency to reinforce support to member states, with the capacity to assist in cross-border, large-scale, and complex investigations that present serious risks to the Union’s internal security.

That would bring Europol closer in function to agencies such as the US Federal Bureau of Investigation. The strategy also notes the Commission’s intention to develop roadmaps on ‘lawful and effective access to data for law enforcement’ and encryption.

The strategy aims to ‘identify and assess technological solutions that would enable law enforcement authorities to access encrypted data lawfully, safeguarding cybersecurity and fundamental rights.’ These issues continue to be the subject of technical and legal discussion across jurisdictions.

Other aspects of the strategy address long-standing challenges within the EU’s security framework, including limited situational awareness and coordination at the executive level. The strategy proposes enhancing intelligence-sharing through the EU’s Single Intelligence Analysis Capacity, a mechanism for the voluntary sharing of intelligence by member states, which is currently supported by open-source analysis.

The report further emphasised that the effectiveness of any reforms in this area would depend on the commitment of member states, citing ongoing challenges related to differing national priorities and levels of political alignment. In addition, the Commission announced its intention to propose a new Cybersecurity Act and new measures to secure cloud and telecom services and develop technological sovereignty.


Singapore issues new guidelines to strengthen resilience and security of cloud services and data centres

The Infocomm Media Development Authority (IMDA) has issued new Advisory Guidelines (AGs) intended to support the resilience and security of Cloud Services and Data Centres (DCs) in Singapore. The guidelines set out best practices for Cloud Service Providers (CSPs) and DC operators, aiming to reduce service disruptions and limit their potential impact on economic and social functions.

A wide range of digital services—including online banking, ride-hailing, e-commerce, and digital identity systems—depend on the continued availability of cloud infrastructure and data centre operations. Service interruptions may affect the delivery of these services.

The AGs encourage service providers to adopt measures that improve their ability to recover from outages and maintain operational continuity. The AGs recommend various practices to address risks associated with technical misconfigurations, physical incidents, and cybersecurity threats.

Key proposals include conducting risk and business impact assessments, establishing business continuity arrangements, and strengthening cybersecurity capabilities. For Cloud Services, the guidelines outline seven measures to reinforce security and resilience.

These cover security testing, access controls, data governance, and disaster recovery planning. Concerning Data Centres, the AGs provide a framework for business continuity management to minimise operational disruptions and maintain high service availability.

That involves the implementation of relevant policies, operational controls, and ongoing review processes. The development of the AGs forms part of wider national efforts led by the inter-agency task force on the Resilience and Security of Digital Infrastructure and Services.

These guidelines are intended to complement regulatory initiatives, including planned amendments to the Cybersecurity Act and the introduction of the Digital Infrastructure Act (DIA), which will establish requirements for critical digital infrastructure providers such as major CSPs and DC operators. To inform the guidelines, the IMDA conducted consultations with a broad range of stakeholders, including CSPs, DC operators, and end-user enterprises across sectors such as banking, healthcare, and digital platforms.

The AGs will be updated periodically to reflect technological developments, incident learnings, and further industry input. A coordinated approach is encouraged across the digital services ecosystem. Businesses that provide digital services are advised to assess operational risks and establish appropriate business continuity plans to support service reliability.

The AGs also refer to international standards, including IMDA’s Multi-Tier Cloud Security Standard, the Cloud Security Alliance Cloud Controls Matrix, ISO 27001, and ISO 22301. Providers are encouraged to designate responsible personnel to oversee resilience and security efforts.

These guidelines form part of Singapore’s broader strategy to strengthen its digital infrastructure. The government will continue to engage with sectoral regulators and stakeholders to promote resilience, cybersecurity awareness, and preparedness across industries and society.

As digital systems evolve, sustained attention to infrastructure resilience and security remains essential. The AGs are intended to support organisations in maintaining reliable services while aligning with recognised standards and best practices.


Australia’s largest pension funds face coordinated cyber attacks

Several of Australia’s largest pension funds have recently come under suspected cyberattacks, exposing sensitive personal data and leading to confirmed financial losses in some cases.

AustralianSuper, the country’s biggest fund, confirmed that hackers used stolen passwords to access around 600 accounts, resulting in a reported A$500,000 loss from four members.

Rest Super, which manages A$93 billion for two million members, reported unauthorised access affecting about 8,000 accounts.

The fund quickly shut down its member portal and launched an investigation, stating that while personal information was accessed, no money was taken during the incident.

Other major superannuation providers, including Hostplus, Australian Retirement Trust (ART), and Insignia Financial, also reported suspicious activity.

ART detected login attempts across hundreds of accounts but confirmed no theft, while Insignia acknowledged attempted breaches with no reported losses.

Authorities believe the attacks were primarily conducted using ‘credential stuffing,’ a method where attackers use passwords leaked in unrelated breaches to access other platforms.

The incidents highlight the continued risks of weak password reuse, as well as the importance of additional protections like two-factor authentication.

In response to the breaches, the National Cyber Security Coordinator of Australia, Michelle McGuinness, has initiated a government-wide review in cooperation with regulators and industry representatives.

Prime Minister Anthony Albanese addressed the attacks, reaffirming his administration’s commitment to strengthening cybersecurity defences.

Superannuation funds are contacting affected members and urging all users to update their credentials and take additional precautions.
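
As an added illustration (not part of the original newsletter or any fund's own tooling), the Python example below shows how a defender might pick the credential-stuffing pattern described above out of an authentication log: one source trying many different accounts, only once or twice each, with most attempts failing. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample auth log: "<timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2025-04-01T02:10:01Z 203.0.113.7 alice FAIL
2025-04-01T02:10:02Z 203.0.113.7 bob FAIL
2025-04-01T02:10:03Z 203.0.113.7 carol OK
2025-04-01T02:10:04Z 203.0.113.7 dave FAIL
2025-04-01T02:10:05Z 203.0.113.7 erin FAIL
2025-04-01T02:10:06Z 203.0.113.7 frank FAIL
2025-04-01T02:11:00Z 198.51.100.20 grace FAIL
2025-04-01T02:11:05Z 198.51.100.20 grace FAIL
2025-04-01T02:11:09Z 198.51.100.20 grace FAIL
2025-04-01T02:11:15Z 198.51.100.20 grace FAIL
2025-04-01T02:11:21Z 198.51.100.20 grace FAIL
2025-04-01T02:11:30Z 198.51.100.20 grace OK
2025-04-01T09:00:00Z 192.0.2.44 heidi FAIL
2025-04-01T09:00:20Z 192.0.2.44 heidi OK
"""


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    per_user: dict = field(default_factory=lambda: defaultdict(int))
    succeeded: set = field(default_factory=set)


def parse(log_text):
    """Yield (ip, user, ok) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        yield parts[1], parts[2], parts[3] == "OK"


def find_stuffing(log_text, min_users=5, max_tries_per_user=2, min_fail_ratio=0.7):
    """Return {source_ip: [accounts that logged in successfully]} for sources
    whose behaviour matches credential stuffing rather than brute force.

    Stuffing replays leaked username/password pairs, so each account is tried
    only once or twice; brute force hammers a single account many times.
    Thresholds are illustrative assumptions and need tuning per environment.
    Attacks spread across many source IPs need aggregation on other keys
    (for example device fingerprint or ASN), which this example omits.
    """
    stats = defaultdict(SourceStats)
    for ip, user, ok in parse(log_text):
        s = stats[ip]
        s.attempts += 1
        s.per_user[user] += 1
        if ok:
            s.succeeded.add(user)
        else:
            s.failures += 1

    findings = {}
    for ip, s in stats.items():
        many_accounts = len(s.per_user) >= min_users
        shallow = max(s.per_user.values()) <= max_tries_per_user
        mostly_failing = s.failures / s.attempts >= min_fail_ratio
        if many_accounts and shallow and mostly_failing:
            # Successful logins from a flagged source are the accounts whose
            # reused password worked: prioritise them for reset and review.
            findings[ip] = sorted(s.succeeded)
    return findings


if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: likely credential stuffing; review accounts {accounts}")
```

The repeated failures against a single account from 198.51.100.20 and the ordinary mistyped password from 192.0.2.44 are deliberately not flagged, since neither matches the many-accounts, few-tries pattern.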


UK’s Royal Mail investigates major data breach

Royal Mail is investigating a significant cybersecurity incident after a hacker known as ‘GHNA’ claimed to have leaked 144GB of sensitive customer data. The files were allegedly obtained through Spectos, a third-party analytics provider, and posted on the BreachForums platform. While the leaked information includes names, addresses, parcel data, and internal recordings, Royal Mail stated that its delivery services remain unaffected.

Spectos confirmed a breach on 29 March, explaining that the attack stemmed from a 2021 malware infection that compromised an employee’s credentials. Cybersecurity firm Hudson Rock linked the same login data to another recent attack involving Samsung. The exposed dataset includes thousands of files containing mailing lists from Mailchimp, Zoom meetings, logistics details, and a WordPress database, raising concerns about the security of Royal Mail’s extended network.

The breach is the latest in a series of cyber incidents targeting the UK’s Royal Mail, following a 2023 ransomware attack that halted international shipping and a 2022 outage in its tracking systems. While the full extent of the latest leak remains under investigation, experts warn that prolonged access to internal systems may have occurred before the data was released. No public notification procedures have yet been confirmed.
